From d332764cb2a808c8dc1516a1652757fea1dc370c Mon Sep 17 00:00:00 2001
From: DaevMithran <61043607+DaevMithran@users.noreply.github.com>
Date: Fri, 19 Jan 2024 19:33:02 +0530
Subject: [PATCH] fix: Add creds decryption .env (#475)
* feat: Add creds encryption .env
* Remove encrypted key import in swagger
---
 .github/workflows/build.yml | 1 +
 src/controllers/key.ts | 2 +-
 src/helpers/helpers.ts | 4 ++--
 src/static/swagger.json | 10 ----------
 src/types/environment.d.ts | 3 +++
 src/types/swagger-types.ts | 7 -------
 6 files changed, 7 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 809ebffb..c4dee373 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -60,6 +60,7 @@ jobs:
 TESTNET_RPC_URL: ${{ vars.TESTNET_RPC_URL }}
 VERIDA_NETWORK: ${{ vars.VERIDA_NETWORK }}
 VERIDA_PRIVATE_KEY: ${{ secrets.VERIDA_PRIVATE_KEY }}
+ CREDS_DECRYPTION_SECRET: ${{ secrets.CREDS_DECRYPTION_SECRET }}
 - uses: actions/upload-artifact@v4
 if: always()
diff --git a/src/controllers/key.ts b/src/controllers/key.ts
index 9c0b26e8..a34c7d8a 100644
--- a/src/controllers/key.ts
+++ b/src/controllers/key.ts
@@ -127,7 +127,7 @@ export class KeyController {
 */
 public async importKey(request: Request, response: Response) {
 // Get parameters requeired for key importing
- const { type, encrypted, ivHex, salt, alias, privateKeyHex } = request.body as ImportKeyRequestBody;
+ const { type, encrypted = false, ivHex, salt, alias, privateKeyHex } = request.body as ImportKeyRequestBody;
 // Get strategy e.g. postgres or local
 const identityServiceStrategySetup = new IdentityServiceStrategySetup(response.locals.customer.customerId);
 let decryptedPrivateKeyHex = privateKeyHex;
diff --git a/src/helpers/helpers.ts b/src/helpers/helpers.ts
index 37075afe..3148ca78 100644
--- a/src/helpers/helpers.ts
+++ b/src/helpers/helpers.ts
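Review bot: The `encrypted = false` default on the destructured body only covers an absent field; because `request.body as ImportKeyRequestBody` is an unchecked cast, a caller can still send any JSON value for `encrypted` — the string `"false"`, for instance — and it will be carried into whichever branch of importKey consumes it (that consumption is outside the hunk, so its exact effect is inferred). Since this same commit removes `encrypted`, `ivHex` and `salt` from the documented request schema (the swagger.json and swagger-types.ts hunks), the decrypting import path becomes an undocumented input on a route that handles private-key material. At minimum narrow the flag explicitly, `const isEncrypted = encrypted === true;`, and record the intent next to the destructuring with `// encrypted/ivHex/salt are intentionally undocumented; plaintext privateKeyHex import is the default`. The body of importKey continues past the end of the hunk.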
@@ -213,11 +213,11 @@ export async function deriveSymmetricKeyFromSecret(
 }
 export async function decryptPrivateKey(encryptedPrivateKeyHex: string, ivHex: string, salt: string) {
- if (!process.env.ENCRYPTION_SECRET) {
+ if (!process.env.CREDS_DECRYPTION_SECRET) {
 throw new Error('Missing encryption secret');
 }
 // derive key from passphrase
- const derivedKey = await deriveSymmetricKeyFromSecret(process.env.ENCRYPTION_SECRET, salt);
+ const derivedKey = await deriveSymmetricKeyFromSecret(process.env.CREDS_DECRYPTION_SECRET, salt);
 // unwrap encrypted key with iv
 const encryptedKey = Buffer.from(encryptedPrivateKeyHex, 'hex');
diff --git a/src/static/swagger.json b/src/static/swagger.json
index 1127234e..3ec8cf8d 100644
--- a/src/static/swagger.json
+++ b/src/static/swagger.json
@@ -2650,16 +2650,6 @@
 },
 "privateKeyHex": {
 "type": "string"
- },
- "ivHex": {
- "type": "string",
- "required": false
- },
- "salt": {
- "type": "string"
- },
- "encrypted": {
- "type": "boolean"
 }
 }
 },
diff --git a/src/types/environment.d.ts b/src/types/environment.d.ts
index a27f1f73..6a33a625 100644
--- a/src/types/environment.d.ts
+++ b/src/types/environment.d.ts
@@ -51,6 +51,9 @@ declare global {
 ENABLE_ACCOUNT_TOPUP: string | 'false';
 FAUCET_URI: string;
 TESTNET_MINIMUM_BALANCE: number;
+
+ // Creds
+ CREDS_DECRYPTION_SECRET: string;
 }
 }
diff --git a/src/types/swagger-types.ts b/src/types/swagger-types.ts
index 5eb086a1..4aa206a7 100644
--- a/src/types/swagger-types.ts
+++ b/src/types/swagger-types.ts
@@ -702,13 +702,6 @@
 * enum: [ Ed25519, Secp256k1 ]
 * privateKeyHex:
 * type: string
- * ivHex:
- * type: string
- * required: false
- * salt:
- * type: string
- * encrypted:
- * type: boolean
 * KeyResult:
 * type: object
 * properties:
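Review bot: The message thrown right after the changed guard, `'Missing encryption secret'`, still names a generic "encryption secret" while the variable the guard now checks is `CREDS_DECRYPTION_SECRET`, so an operator with a misconfigured deployment has to read the source to learn which variable to set; suggest `throw new Error('Missing CREDS_DECRYPTION_SECRET environment variable');`. If any encryption-side helper elsewhere in the repository still reads the old `ENCRYPTION_SECRET` name, keys wrapped under it will no longer unwrap in decryptPrivateKey — that file is not in this diff, so it is worth a grep before merging. The environment.d.ts hunk declares the new variable as a non-optional `string`, so only this runtime guard expresses that it may be absent; that matches the file's other entries, but a one-line comment at the declaration, `// optional at runtime: decryptPrivateKey throws when unset`, would make the contract explicit. The body of decryptPrivateKey continues past the end of the hunk.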